Delphi - Shellcode 2 Executable
-
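program ShellcodeToExecutable;

{ Wraps a raw code blob (SHELLCODE.bin) in a minimal 32-bit PE file
  (Output.exe) whose entry point is the first byte of the blob.

  Traits of the generated file, all set explicitly below and useful when
  triaging or writing detections for files built this way:
    - exactly one section, named ".code", flagged readable, writable and
      executable at the same time;
    - all data directories left zeroed, so there is no import table;
    - AddressOfEntryPoint equal to the start of that single section. }

uses
  Windows, Classes;

const
  // 64-byte real-mode stub: prints "This program must be run under Win32"
  // and exits when the file is started from DOS.
  DOSStub: array[0..63] of Byte = (
    $BA, $10, $00, $0E, $1F, $B4, $09, $CD, $21, $B8, $01, $4C, $CD, $21, $90, $90,
    $54, $68, $69, $73, $20, $70, $72, $6F, $67, $72, $61, $6D, $20, $6D, $75, $73,
    $74, $20, $62, $65, $20, $72, $75, $6E, $20, $75, $6E, $64, $65, $72, $20, $57,
    $69, $6E, $33, $32, $0D, $0A, $24, $37, $00, $00, $00, $00, $00, $00, $00, $00
  );

  FILE_ALIGNMENT    = $200;   // raw (on-disk) alignment of headers and section
  SECTION_ALIGNMENT = $1000;  // in-memory alignment of the section

  // Byte-sized characters on purpose: with a UnicodeString the original
  // CopyMemory(..., Length(szText)) copied UTF-16 code units into Name.
  SectionName: array[0..4] of AnsiChar = '.code';

{ Rounds Size up to the next multiple of Alignment.
  Returns Size unchanged when it is already aligned or when Alignment is 0
  (the original loop never terminated for Alignment = 0 and Size > 0). }
function Align(const Size, Alignment: DWord): DWORD;
var
  Remainder: DWORD;
begin
  Result := Size;
  if Alignment = 0 then
    Exit;
  Remainder := Size mod Alignment;
  if Remainder <> 0 then
    Result := Size + (Alignment - Remainder);
end;

{ Appends Count zero bytes to Stream from a zero-filled stack buffer. }
procedure WriteZeros(Stream: TStream; Count: DWORD);
var
  Zeros: array[0..FILE_ALIGNMENT - 1] of Byte;
  Chunk: DWORD;
begin
  FillChar(Zeros, SizeOf(Zeros), 0);
  while Count > 0 do
  begin
    Chunk := Count;
    if Chunk > SizeOf(Zeros) then
      Chunk := SizeOf(Zeros);
    Stream.WriteBuffer(Zeros, Chunk);
    Dec(Count, Chunk);
  end;
end;

{ Builds the PE image around the bytes held in Shellcode.

  Parameters:
    Shellcode - stream holding the raw code; read through Memory/Size only,
                it is neither modified nor freed here.
  Returns:
    A new TMemoryStream owned by the caller, or nil when Shellcode is nil
    or empty.

  NOTE(review): the header layout assumes TImageNtHeaders is the 32-bit
  variant (SizeOfOptionalHeader = $E0) - confirm the compiler target. }
function CreatePEFile(Shellcode: TMemoryStream): TMemoryStream;
var
  ImageDOSHeader: TImageDosHeader;
  ImageNTHeaders: TImageNtHeaders;
  ImageSectionHeader: TImageSectionHeader;
  PayloadSize: DWORD;
  HeaderBytes: DWORD;
begin
  Result := nil;
  if (Shellcode = nil) or (Shellcode.Size <= 0) then
    Exit;
  PayloadSize := DWORD(Shellcode.Size);

  // DOS header; _lfanew = $80 = SizeOf(ImageDOSHeader) + SizeOf(DOSStub).
  FillChar(ImageDOSHeader, SizeOf(ImageDOSHeader), 0);
  ImageDOSHeader.e_magic := IMAGE_DOS_SIGNATURE;
  ImageDOSHeader.e_cblp := $0002;
  ImageDOSHeader.e_cparhdr := $0004;
  ImageDOSHeader.e_maxalloc := $FFFF;
  ImageDOSHeader.e_sp := $00B8;
  ImageDOSHeader.e_lfarlc := $0040;
  ImageDOSHeader.e_ovno := $001A;
  ImageDOSHeader._lfanew := $80;

  // NT headers. Zero-filling first leaves every data directory empty.
  FillChar(ImageNTHeaders, SizeOf(ImageNTHeaders), 0);
  ImageNTHeaders.Signature := IMAGE_NT_SIGNATURE;
  ImageNTHeaders.FileHeader.Machine := $014C;              // i386
  ImageNTHeaders.FileHeader.NumberOfSections := 1;
  ImageNTHeaders.FileHeader.SizeOfOptionalHeader := $E0;
  ImageNTHeaders.FileHeader.Characteristics := $010F;      // executable, 32-bit, relocs/symbols/line numbers stripped
  ImageNTHeaders.OptionalHeader.Magic := $010B;            // PE32
  ImageNTHeaders.OptionalHeader.MajorLinkerVersion := 1;
  ImageNTHeaders.OptionalHeader.MinorLinkerVersion := 2;
  ImageNTHeaders.OptionalHeader.SizeOfCode := $1000;       // fixed value, not derived from the payload size
  ImageNTHeaders.OptionalHeader.SizeOfInitializedData := $0000;
  ImageNTHeaders.OptionalHeader.AddressOfEntryPoint := $1000;
  ImageNTHeaders.OptionalHeader.BaseOfCode := $1000;
  ImageNTHeaders.OptionalHeader.BaseOfData := $1000;
  ImageNTHeaders.OptionalHeader.ImageBase := $00400000;
  ImageNTHeaders.OptionalHeader.SectionAlignment := SECTION_ALIGNMENT;
  ImageNTHeaders.OptionalHeader.FileAlignment := FILE_ALIGNMENT;
  ImageNTHeaders.OptionalHeader.SizeOfHeaders := FILE_ALIGNMENT;
  ImageNTHeaders.OptionalHeader.SizeOfImage :=
    Align(ImageNTHeaders.OptionalHeader.SizeOfHeaders, SECTION_ALIGNMENT) +
    Align(PayloadSize, SECTION_ALIGNMENT);
  ImageNTHeaders.OptionalHeader.Subsystem := 2;            // Windows GUI
  ImageNTHeaders.OptionalHeader.SizeOfStackReserve := $100000;
  ImageNTHeaders.OptionalHeader.SizeOfStackCommit := $4000;
  ImageNTHeaders.OptionalHeader.SizeOfHeapReserve := $100000;
  ImageNTHeaders.OptionalHeader.SizeOfHeapCommit := $1000;
  ImageNTHeaders.OptionalHeader.NumberOfRvaAndSizes := $10;
  ImageNTHeaders.OptionalHeader.MajorSubsystemVersion := 4;
  ImageNTHeaders.OptionalHeader.MajorOperatingSystemVersion := 4;

  // The single section that carries the payload.
  FillChar(ImageSectionHeader, SizeOf(ImageSectionHeader), 0);
  Move(SectionName, ImageSectionHeader.Name, SizeOf(SectionName));
  ImageSectionHeader.PointerToRawData := FILE_ALIGNMENT;
  ImageSectionHeader.SizeOfRawData := Align(PayloadSize, FILE_ALIGNMENT);
  ImageSectionHeader.VirtualAddress := $1000;
  ImageSectionHeader.Misc.VirtualSize := Align(PayloadSize, SECTION_ALIGNMENT);
  // code + initialized data, mapped executable + readable + writable
  ImageSectionHeader.Characteristics := $E0000060;

  HeaderBytes := SizeOf(ImageDOSHeader) + SizeOf(DOSStub) +
                 SizeOf(ImageNTHeaders) + SizeOf(ImageSectionHeader);

  Result := TMemoryStream.Create;
  try
    Result.WriteBuffer(ImageDOSHeader, SizeOf(ImageDOSHeader));
    Result.WriteBuffer(DOSStub, SizeOf(DOSStub));
    Result.WriteBuffer(ImageNTHeaders, SizeOf(ImageNTHeaders));
    Result.WriteBuffer(ImageSectionHeader, SizeOf(ImageSectionHeader));

    // Pad the headers up to the first file-aligned offset. The original
    // passed the pointer variable itself (Write(pBuff, ...)) instead of the
    // buffer it points to, so the pointer value and adjacent stack bytes
    // ended up in the output file instead of zeros.
    WriteZeros(Result, FILE_ALIGNMENT - HeaderBytes);

    // Payload, then zero padding up to SizeOfRawData.
    Result.WriteBuffer(Shellcode.Memory^, PayloadSize);
    WriteZeros(Result, Align(PayloadSize, FILE_ALIGNMENT) - PayloadSize);
  except
    // Do not leak the half-built image if a write fails.
    Result.Free;
    raise;
  end;
end;

var
  Shellcode: TMemoryStream;
  PEImage: TMemoryStream;

begin
  Shellcode := TMemoryStream.Create;
  try
    Shellcode.LoadFromFile('SHELLCODE.bin');
    PEImage := CreatePEFile(Shellcode);
    if PEImage = nil then
      ExitCode := 1   // empty input: nothing to wrap
    else
      try
        PEImage.SaveToFile('Output.exe');
      finally
        PEImage.Free;
      end;
  finally
    // The input stream was never released in the original.
    Shellcode.Free;
  end;
end.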
"asm ile olusturdugunuz shellcode a ait bin dosyasini yukaridaki delphi uygulama ile kolaylikla calistirilabilir PE formatina donusturebilirsiniz."
http://www.tahribat.com/Forum-Nasm-File-Downloader-Shell-Code-203995/
